Subgroup ICANN SSR: Fact-Finding Meeting 9-10 Oct. in LA
Dear all,

The ICANN SSR Subgroup had a very productive two-day, fact-finding meeting at ICANN headquarters. The subgroup met with a number of ICANN staff subject matter experts (SME) and discussed a range of issues relating to the completeness and effectiveness of ICANN’s security processes and the effectiveness of the ICANN security framework (including activities connected to the SSR2 ToR and implementation of SSR1 recommendations). Topics were covered to varying degrees of detail as warranted; some topics were covered sufficiently and some will require follow-on discussions.

The subgroup will update its contribution to the SSR2 work plan and post more fulsome documentation of how the subgroup’s work has advanced and issues that we’re preparing to bring to the full SSR2 Team for consideration. Note that some topics/discussions will be cross-referenced for other SSR2 subgroups (e.g. Security Framework and emerging threats apply to the Future Challenges Subgroup).

Meanwhile, here’s a high-level summary of the fact-finding meeting. The subgroup reviewed, submitted questions & information requests about, and discussed early observations about:

* ICANN’s Security Framework and emerging threats
* ICANN’s Risk Management Framework
* ICANN’s Business Continuity strategies, objectives, plans and procedures
* ICANN’s operational planning and controls, and prioritized activity recovery strategy
* ICANN’s Incident Response Structure
* ICANN’s root server operations
* ICANN’s Domain Division activities that relate to SSR objectives, including:
* New gTLD program SSR-related safeguards
* Emergency Back-End Registry Operator (EBERO), and related processes, and testing
* Registry Data Escrow (RyDE) program and Data Escrow Agents (DEA)
* Centralized Zone Data Service (CZDS) compliance, failures, plans
* Vetting of registrar and registry operators as relates to SSR, and measurement & impact of malicious conduct by contracted parties, data breaches, etc.
* SLA Monitoring System (SLAM)
* Abuse reports, including SADAG and DAAR (Statistical Analysis of DNS Abuse & Domain Abuse Activity Reporting)
* SSR objectives in ICANN’s standard operating procedures (SOP).

As rapporteur and member of the subgroup ICANN SSR I would like to thank all SSRT2 members, ICANN staff and SMEs for investing their time, preparing and attending the meeting in LA.

Thank you very much - we have taken a significant step forward in our subgroup and our related topics.

Best regards,
- Boban.

--
Boban Kršić
Chief Information Security Officer
DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY
E-Mail: krsic@denic.de, Phone: +49 69 272 35-120, Fax: -248
Mobile: +49 172 67 61 671
https://www.denic.de
X.509 Key-ID: 00A54FCB79884413A4
Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716
PGP Key-ID: 0x43C89BA9
Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9
Information pursuant to § 25a (1) GenG:
DENIC eG (registered office: Frankfurt am Main)
Executive Board: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg Schweiger
Chairman of the Supervisory Board: Thomas Keller
Registered under No. 770 in the Register of Cooperatives, Local Court of Frankfurt am Main
Hi Boban, all,

We would like to socialize the summary of the ICANN SSR subgroup meeting last week in LA, provided in the email below, as it gives a nice overview of the meeting. To do so we would like to post it on the meeting page<https://community.icann.org/pages/viewpage.action?pageId=69277737> of the wiki and add it to the ‘Key News and Updates’ section of the wiki home page<https://community.icann.org/display/SSR/SSR2+Review>. This will allow us to link back to the summary in upcoming outreach communications regarding SSR2 and other reviews.

Please let us know if you have any objections to this approach.

Best,
Jennifer

-----Original Message-----
From: <ssr2-review-bounces@icann.org> on behalf of Boban Krsic <krsic@denic.de>
Date: Thursday, October 12, 2017 at 3:51 PM
To: SSR2 <SSR2-review@icann.org>
Subject: [Ssr2-review] Subgroup ICANN SSR: Fact-Finding Meeting 9-10 Oct. in LA
Dear Jennifer,

Sure, feel free to post it on the web. Thanks a lot and see you soon.

- Boban

On 18.10.17 at 15:49, Jennifer Bryce wrote:
Hi Boban, all,
We would like to socialize the summary of the ICANN SSR subgroup meeting last week in LA, provided in the email below, as it gives a nice overview of the meeting. To do so we would like to post it on the meeting page<https://community.icann.org/pages/viewpage.action?pageId=69277737> of the wiki and add it to the ‘Key News and Updates’ section of the wiki home page<https://community.icann.org/display/SSR/SSR2+Review>. This will allow us to link back to the summary in upcoming outreach communications regarding SSR2 and other reviews.
Please let us know if you have any objections to this approach.
Best,
Jennifer